Following a Wall Street Journal report last week which revealed that search giant Google had developed a way to bypass privacy settings in Apple’s Safari browser, the head honchos at Microsoft’s Internet Explorer (IE) division started wondering if their competitor was doing the same to them.
“We’ve found that Google bypasses the P3P Privacy Protection feature in IE,” he wrote. “The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.”
P3P is a tech convention that’s been adopted by browser-makers as a way of certifying what third parties want to do with a users’ browser. It stands for the Platform for Privacy Preferences Project, which has adopted industry standard certificates used to identify what tracking cookies want to do with a user’s data, allowing browsers to accept or deny the files based upon the users’ privacy preferences.
In Apple’s browser, Google was essentially tricking Safari into thinking it was placing first-party cookies that users had already agreed to, when it was really injecting third-party cookies from advertisers. Something similar happens in IE, Hachamovitch explained: Because Google’s P3P policy identifies third-party cookies as Google’s own, Microsoft’s browser accepts them at face value.
In the code of Google’s tracking files themselves, even though they’ve been validated as P3P compliant, Google includes a line that notes: “This is not a P3P policy,” and directs readers to a support page that explains P3P was not designed with Google’s goals in mind.
While Microsoft hasn’t yet found a fix for Google’s P3P work-around, the IE browser does have another layer of protection in the form of tracking protection lists that keeps up with third-party servers seeking to track individual users, blocking any communications with them.
Google told The Wall Street Journal that its tracking cookies “do not collect personal information,” and they insist that third-party files are only served to customers who are signed in to their Google accounts — meaning they’ve actively requested files necessary for Google’s services to function.
In the wake of Apple’s revelation, some Republican lawmakers have urged the Federal Trade Commission to investigate whether Google violated the terms of a 2011 settlement over practices that guided users into a now-shuttered social network beta called “Buzz.” It seems likely that Microsoft’s revelations will only help drive that controversy further, but it’s not clear why the company hasn’t also called out others, like Facebook, that also ignore P3P standards.
Stephen C. Webster is the senior editor of Raw Story, and is based out of Austin, Texas. He previously worked as the associate editor of The Lone Star Iconoclast in Crawford, Texas, where he covered state politics and the peace movement’s resurgence at the start of the Iraq war. Webster has also contributed to publications such as True/Slant, Austin Monthly, The Dallas Business Journal, The Dallas Morning News, Fort Worth Weekly, The News Connection and others. Follow him on Twitter at @StephenCWebster.
Raw Story is a progressive news site that focuses on stories often ignored in the mainstream media. While giving coverage to the big stories of the day, we also bring our readers' attention to policy, politics, legal and human rights stories that get ignored in an infotainment culture driven solely by pageviews.
Founded in 2004, Raw Story reaches 9 million unique readers per month and serves more than 30 million pageviews.